Tenable’s Bernard Montel illuminates Cyber threats at GISEC 2022

TAHAWULTECH.COM, March 22, 2022

“Fast-paced digital transformation has brought about its own security risks. At present, we mostly see three main threats. Number one is due to remote working. We all know that remote workers are here to stay. Companies won’t go back to operating the way they did two years back before the pandemic. Certainly, people are willing to go back to office but the fact that they were using remote working capacity will continue and this is clearly a threat because a home network is not secure. A home network has plenty of devices, roughly about eight devices connected at a time which includes corporate devices as well but not only so this is a vulnerability that can be easily targeted by attackers”, says Montel.

“The second is attack against critical infrastructure. In EMEA, they are the main targets for cyber criminals and the trend is very high. In Europe, Middle East, and Africa, almost 45 percent of attacks are ransomware attacks which is the top threat right now against critical infrastructure. Third is due to cloud adoption. Because of the huge amount of people working from home, we needed to launch new cloud services to ensure continuity and we had to do this in like a couple of weeks. Now cloud adoption is something we have been talking about for the past 10 years but rapid cloud adoption was brought about by the pandemic and we have attackers who are now willing to target the cloud provider rather than targeting a particular company. Why so? Because if they target a cloud provider, they can hit hundreds of companies so the effort is the same but it will have a domino effect that will affect hundreds of companies at a time”.

Montel goes on to talk about how critical infrastructure sectors like healthcare are easy targets for attackers looking for quick monetary gain: “In EMEA, the top three sectors are education, government, and healthcare. Of these, healthcare is the number one sector which is vulnerable to attacks. Hospitals have not been designed to beat cyber security threats. Their main mission has always been to save people. During the COVID-19 pandemic, they were under fire to save people’s lives leaving them vulnerable to cyber-attacks. We must bear in mind that the nature of healthcare data is unique. If you have a data breach for intellectual property, the data can have a new version, it can be changed and hence it won’t be sensitive data anymore. Same goes for financial data. However, in the case of data related to human beings, the data will always be unique. For example, you cannot change your disease, your date of birth or your social security number. You can’t have a version 2 of the history of your diseases! So, when this type of data is out, it is considered highly sensitive and because of that it’s highly monetised by attackers. The majority of them are ransomware attacks. I would say about 98 percent of the attacks are ransomware attacks and the majority of any sort of attack focuses on vulnerabilities. They penetrate the network using these vulnerabilities which have been there for many years because hospitals, like I mentioned before, have not been designed for cybersecurity but for saving lives. They use technology mainly for medical purposes and thus are prone to be easy targets for an attack”.

“My advice to companies looking to improve their security posture is to prioritise. There are hundreds of vulnerabilities that come up every day. You cannot patch up all of them. There should be an approach based on risk. If we are to talk about business risk, we must consider which are the technologies that are business critical be it on-prem or on cloud; if there are any vulnerabilities, this is where the effort must go for patching. Also keep in mind specific software that might have access to Active Directory and admin rights. These are very sensitive and must be taken care of. Another step is detecting vulnerabilities in cloud applications. When we move to the cloud, we move to native cloud applications that are designed and coded directly with containers and Kubernetes and that type of technology. If we fail to check for vulnerabilities in the code when the applications are being developed, it will be too late. We must thus shift left and detect vulnerabilities in the code itself which will ensure huge benefits later”, added Montel.